Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,040 --> 00:00:03,600 Let's now use the user account page 2 00:00:03,600 --> 00:00:06,803 in order to allow users to update their data. 3 00:00:08,410 --> 00:00:10,770 So what we're gonna do is to allow the user 4 00:00:10,770 --> 00:00:15,030 to update both the name and the email address for now. 5 00:00:15,030 --> 00:00:17,060 And we will add the user photo here 6 00:00:17,060 --> 00:00:18,843 a bit later in the next section. 7 00:00:19,826 --> 00:00:23,670 Okay, now there are two ways in which we can do this. 8 00:00:23,670 --> 00:00:27,420 The first one is to submit a post request to our API 9 00:00:27,420 --> 00:00:31,150 just like we did with the login form, remember that? 10 00:00:31,150 --> 00:00:33,950 And actually, we're gonna do that in the next lecture. 11 00:00:33,950 --> 00:00:36,600 But in this one, I want to show you another way 12 00:00:36,600 --> 00:00:39,950 which is a more traditional normal way. 13 00:00:39,950 --> 00:00:41,840 So in this more traditional way, 14 00:00:41,840 --> 00:00:45,150 we specify the post method right on the form, 15 00:00:45,150 --> 00:00:49,710 along with the URL where the post request should be sent to. 16 00:00:49,710 --> 00:00:52,980 So basically, using this method, we don't need JavaScript 17 00:00:52,980 --> 00:00:55,660 for doing the request, it automatically happens 18 00:00:55,660 --> 00:00:59,450 with the HTML form which will then post the data 19 00:00:59,450 --> 00:01:03,580 to the URL endpoint in our backend that we specified. 20 00:01:03,580 --> 00:01:06,980 Now personally, I don't really like this solution, 21 00:01:06,980 --> 00:01:09,270 because it forces a page reload, 22 00:01:09,270 --> 00:01:11,200 and it also requires us to create 23 00:01:11,200 --> 00:01:14,750 yet another route and route handler in our backend. 24 00:01:14,750 --> 00:01:16,830 And finally, it also makes it a bit 25 00:01:16,830 --> 00:01:19,120 more difficult to handle errors. 26 00:01:19,120 --> 00:01:22,510 However, I still believe that it's very important 27 00:01:22,510 --> 00:01:25,700 that you know how to work with forms in this way, 28 00:01:25,700 --> 00:01:27,910 because it might make more sense 29 00:01:27,910 --> 00:01:30,630 in the application that you're building. 30 00:01:30,630 --> 00:01:34,140 For example, your application might not even need an API, 31 00:01:34,140 --> 00:01:36,200 and so in that case, when you're only building 32 00:01:36,200 --> 00:01:39,140 a rendered website, then of course it doesn't make sense 33 00:01:39,140 --> 00:01:41,770 to submit forms using an API call, 34 00:01:41,770 --> 00:01:43,490 and instead, you will do it the way 35 00:01:43,490 --> 00:01:46,020 that we're gonna do it in this video. 36 00:01:46,020 --> 00:01:48,760 Alright, and so that's why we're doing it this way 37 00:01:48,760 --> 00:01:50,580 in this lecture, and then using 38 00:01:50,580 --> 00:01:53,320 the API way in the next lecture. 39 00:01:53,320 --> 00:01:55,910 So, what we need to do in our form 40 00:01:55,910 --> 00:01:57,960 in order to submit it automatically, 41 00:01:57,960 --> 00:01:59,930 without having to go through JavaScript 42 00:01:59,930 --> 00:02:02,030 as I mentioned before, so basically 43 00:02:02,030 --> 00:02:05,240 automatically posting the data to our endpoint, 44 00:02:05,240 --> 00:02:10,240 is to specify that endpoint, and so we do that here 45 00:02:10,550 --> 00:02:15,133 in the form, where we specify the action attribute. 46 00:02:17,380 --> 00:02:21,410 So the action, and so let's say that we're gonna create 47 00:02:21,410 --> 00:02:26,410 an end point called submit user data, like this. 48 00:02:27,740 --> 00:02:30,433 Okay, and then we also specify the method, 49 00:02:33,180 --> 00:02:37,400 which is post, okay, so this always needs to happen 50 00:02:37,400 --> 00:02:41,310 on the form element that we are submitting, okay. 51 00:02:41,310 --> 00:02:43,963 Let's give it some more space here, 52 00:02:45,020 --> 00:02:47,170 in order to make it easier to understand, 53 00:02:47,170 --> 00:02:49,920 and so all of this here is our form, 54 00:02:49,920 --> 00:02:52,500 and so when we click on this button element, 55 00:02:52,500 --> 00:02:56,260 automatically the form will get submitted, and the data 56 00:02:56,260 --> 00:03:01,260 will be sent using a post request to this URL, alright. 57 00:03:01,410 --> 00:03:03,540 There are also different ways in which the data 58 00:03:03,540 --> 00:03:06,850 is actually sent, but the default one is called 59 00:03:06,850 --> 00:03:09,540 URL encoded, and so that's the one we're using here. 60 00:03:09,540 --> 00:03:11,440 And so basically what that's gonna do 61 00:03:11,440 --> 00:03:14,050 is to encode all the data that we're submitting 62 00:03:14,050 --> 00:03:16,650 in the URL a bit like a query string. 63 00:03:16,650 --> 00:03:19,480 Okay, but more on that when we are actually working 64 00:03:19,480 --> 00:03:22,790 on getting the data on the server and working with it. 65 00:03:22,790 --> 00:03:26,880 So, this here is the first step in making this method work, 66 00:03:26,880 --> 00:03:30,220 and the second one is to specify the name properties 67 00:03:30,220 --> 00:03:32,423 on the fields that we actually want to send. 68 00:03:33,310 --> 00:03:35,950 So it's this input and this input, 69 00:03:35,950 --> 00:03:38,460 and their values will be sent with a request 70 00:03:38,460 --> 00:03:41,420 based on their name attributes. 71 00:03:41,420 --> 00:03:46,420 Okay, so let's say here, name equals to name, 72 00:03:48,360 --> 00:03:53,180 okay, so that's the username, and then this one here 73 00:03:53,180 --> 00:03:56,083 will have the name equal to email. 74 00:03:57,680 --> 00:04:01,910 Okay, and so this will then be the name of this field, 75 00:04:01,910 --> 00:04:04,370 and the body that our application receives. 76 00:04:04,370 --> 00:04:07,840 Alright, and so right now when we submit the form, 77 00:04:07,840 --> 00:04:09,750 the body that we will then receive 78 00:04:09,750 --> 00:04:12,410 will only have the name and the email, 79 00:04:12,410 --> 00:04:14,290 because these are the only two fields 80 00:04:14,290 --> 00:04:16,640 which actually have a name attribute. 81 00:04:16,640 --> 00:04:20,233 Alright, so let's now implement this route here, 82 00:04:21,730 --> 00:04:23,930 okay, so as I said with this method, 83 00:04:23,930 --> 00:04:25,993 we need to implement yet another route. 84 00:04:28,550 --> 00:04:33,550 Okay, so router, and remember that this is a post request. 85 00:04:36,200 --> 00:04:40,713 Okay, and so this one will be in viewsController, 86 00:04:44,500 --> 00:04:48,467 and let's say updateUserData, alright, give it a save, 87 00:04:54,934 --> 00:04:57,100 and now let's actually create this handler. 88 00:04:58,440 --> 00:04:59,993 So here in this file. 89 00:05:10,580 --> 00:05:12,310 And the first thing that I want to do here 90 00:05:12,310 --> 00:05:14,733 is to actually take a look at the body. 91 00:05:19,437 --> 00:05:22,800 .body, okay, and so basically in this case, 92 00:05:22,800 --> 00:05:26,550 just to show you that it actually won't work just like this. 93 00:05:26,550 --> 00:05:29,380 Okay, and I'm going to tell you why after we 94 00:05:29,380 --> 00:05:33,200 experiment it, okay, so for now let's just see 95 00:05:33,200 --> 00:05:35,380 if we're actually connected already. 96 00:05:35,380 --> 00:05:38,390 So if submitting that form will actually trigger 97 00:05:38,390 --> 00:05:41,700 this handler here, okay, let's also 98 00:05:41,700 --> 00:05:43,500 add a string here just to make sure. 99 00:05:47,620 --> 00:05:50,980 Alright, so let's reload this here 100 00:05:52,040 --> 00:05:54,020 so that we get our new form, and just 101 00:05:54,020 --> 00:05:56,020 to make sure, let's take a look at that. 102 00:05:58,210 --> 00:06:01,080 Alright, so you see here, the action and the method 103 00:06:01,080 --> 00:06:04,023 that we added, and of course also these names, 104 00:06:04,870 --> 00:06:09,253 okay, and so let's add some middle name here, 105 00:06:10,890 --> 00:06:13,010 I don't know, let's say Sarah, 106 00:06:13,010 --> 00:06:17,473 then here the email let's add the last name to it, 107 00:06:19,500 --> 00:06:23,460 now we get this error, please provide email and password, 108 00:06:23,460 --> 00:06:25,730 and so this kind of comes from the 109 00:06:25,730 --> 00:06:29,063 login form, right, so that's weird. 110 00:06:30,770 --> 00:06:34,660 So let's take a look at our form here, 111 00:06:34,660 --> 00:06:38,130 and indeed, this form here has the form class. 112 00:06:38,130 --> 00:06:39,270 And I think that's the one that 113 00:06:39,270 --> 00:06:42,377 we used also in our index.js, right. 114 00:06:45,200 --> 00:06:48,070 So here we basically got that form 115 00:06:48,070 --> 00:06:50,830 using the form class, and when that exists, 116 00:06:50,830 --> 00:06:54,990 and it is submitted, then we try to log in, right here. 117 00:06:54,990 --> 00:06:58,450 Okay, and so that is of course not correct, 118 00:06:58,450 --> 00:07:02,170 and so we should select our log in form in some other way. 119 00:07:02,170 --> 00:07:03,783 So let's very quickly fix that, 120 00:07:05,310 --> 00:07:10,310 here we have login, so let's just add another class here, 121 00:07:12,300 --> 00:07:14,970 form login, and that's a bit weird 122 00:07:14,970 --> 00:07:17,460 because we already have login form here, 123 00:07:17,460 --> 00:07:20,040 but it's not really on a form element. 124 00:07:20,040 --> 00:07:23,820 So we shouldn't use that, and so let's create here 125 00:07:23,820 --> 00:07:28,493 form with a modifier of login, okay. 126 00:07:31,890 --> 00:07:34,853 So let's put that here, give it a save, 127 00:07:36,970 --> 00:07:39,270 and so now this should no longer be happening, 128 00:07:40,270 --> 00:07:42,010 because now we no longer have that 129 00:07:42,010 --> 00:07:44,173 event handler attached to this form. 130 00:07:45,120 --> 00:07:48,473 So let's quickly reload it again, and try this again, 131 00:07:50,953 --> 00:07:53,340 and now you see that it's actually doing something, 132 00:07:53,340 --> 00:07:56,290 but of course it will never stop spinning here, 133 00:07:56,290 --> 00:07:59,470 because we actually did not send any response back, 134 00:07:59,470 --> 00:08:03,160 and so the request response cycle is never ended. 135 00:08:03,160 --> 00:08:04,870 But anyway, I just wanted to look 136 00:08:04,870 --> 00:08:07,680 at the request body, remember that? 137 00:08:07,680 --> 00:08:10,853 And so as I mentioned before, it's now actually MT. 138 00:08:11,960 --> 00:08:15,100 Okay, so as I was saying, this will not really work 139 00:08:15,100 --> 00:08:18,510 just like this, because we need to add another middleware 140 00:08:18,510 --> 00:08:21,540 in order to parse data coming from a form. 141 00:08:21,540 --> 00:08:23,843 So let's do that in our app.js. 142 00:08:24,870 --> 00:08:28,333 But first, let's actually close some of these files here. 143 00:08:30,880 --> 00:08:35,880 Alright, this one as well, and now, going to app.js, 144 00:08:37,289 --> 00:08:40,373 let's add that clause to our body parser, 145 00:08:41,860 --> 00:08:45,273 so here we are, because actually it is very similar. 146 00:08:47,340 --> 00:08:51,423 So app.use, and it's still a Express built in middleware, 147 00:08:52,940 --> 00:08:56,837 so express.urlencoded, okay, and it's called this way 148 00:09:00,280 --> 00:09:03,380 because remember, the way that the form sends data 149 00:09:03,380 --> 00:09:06,830 to the server is actually also called URL encoded, 150 00:09:06,830 --> 00:09:09,000 and so here, we need that middleware 151 00:09:09,000 --> 00:09:13,440 to basically parse data coming from a URL encoded form. 152 00:09:13,440 --> 00:09:16,630 Then we pass in some settings, and we can say 153 00:09:16,630 --> 00:09:21,630 extended true, and that will simply allow us 154 00:09:22,000 --> 00:09:23,720 to pass some more complex data, 155 00:09:23,720 --> 00:09:25,650 which in this case is not really necessary, 156 00:09:25,650 --> 00:09:29,530 but still let's use it here, and we can also set 157 00:09:29,530 --> 00:09:33,010 the limit property as we did in the body parser, 158 00:09:33,010 --> 00:09:37,113 so up here, and so let's again say 10 kilobyte. 159 00:09:38,930 --> 00:09:42,930 Alright, and so if we try this now again here, 160 00:09:42,930 --> 00:09:46,670 we should indeed get this data, and this data. 161 00:09:46,670 --> 00:09:50,370 Let's again add this different data here, 162 00:09:50,370 --> 00:09:53,620 so just so we're sure they're actually getting 163 00:09:54,480 --> 00:09:56,090 not the current user, but really 164 00:09:56,090 --> 00:09:57,593 the data coming from the form, 165 00:09:59,820 --> 00:10:02,860 okay, and again it keeps spinning forever here, 166 00:10:02,860 --> 00:10:07,720 or until it times out, but what we're interested in, 167 00:10:07,720 --> 00:10:11,850 is to actually get this new data here now in our body. 168 00:10:11,850 --> 00:10:16,410 Great, so that works, and so we now have our HTML form 169 00:10:16,410 --> 00:10:19,920 really connected to this route handler here. 170 00:10:19,920 --> 00:10:22,860 And so now we can go ahead and actually update the user 171 00:10:22,860 --> 00:10:25,490 based on this new data, alright. 172 00:10:25,490 --> 00:10:29,010 So, let's get rid of this, and then update the user 173 00:10:29,010 --> 00:10:31,610 as we already know how to do it. 174 00:10:31,610 --> 00:10:33,900 Now, first of all, we're going to have to 175 00:10:33,900 --> 00:10:37,873 import the user model, so let's do that. 176 00:10:39,160 --> 00:10:44,160 User, here with a small U, alright, 177 00:10:46,930 --> 00:10:51,910 and so now let's say the user is equal to 178 00:10:51,910 --> 00:10:55,013 await User.findByIdAndUpdate. 179 00:11:00,780 --> 00:11:04,850 Right, then of course as always, mark this one 180 00:11:04,850 --> 00:11:07,473 as async, and catch all the errors. 181 00:11:12,920 --> 00:11:17,890 Now alright, so what is the ID that we're looking for? 182 00:11:17,890 --> 00:11:21,120 And I hope that at this point you know where it is, 183 00:11:21,120 --> 00:11:25,640 it will be at request.user.id. 184 00:11:25,640 --> 00:11:27,980 Oh, and one important thing that we need to do, 185 00:11:27,980 --> 00:11:30,490 which I didn't do yet, is to actually protect 186 00:11:30,490 --> 00:11:32,600 this route here as well, okay, 187 00:11:32,600 --> 00:11:35,430 'cause only then we actually have this user 188 00:11:35,430 --> 00:11:38,810 on the request, right, and of course also 189 00:11:38,810 --> 00:11:41,050 we only want to be able to access this route 190 00:11:41,050 --> 00:11:44,470 if we are logged in, otherwise anyone could 191 00:11:44,470 --> 00:11:46,683 simply go ahead and update some data. 192 00:11:48,210 --> 00:11:50,880 So, here in the route, let's of course 193 00:11:50,880 --> 00:11:53,300 add authController.protect. 194 00:11:58,450 --> 00:12:03,390 Alright, so, that is the ID, then we need 195 00:12:03,390 --> 00:12:08,343 the new data, and so let's say that we want 196 00:12:08,343 --> 00:12:13,320 a name equal to request.body.name, 197 00:12:18,710 --> 00:12:23,233 and the email set to request.body.email. 198 00:12:25,010 --> 00:12:27,960 And remember that these are the names of the fields, 199 00:12:27,960 --> 00:12:31,630 because we gave them the name attribute in the HTML form. 200 00:12:31,630 --> 00:12:35,470 Remember, now before when we updated some data, 201 00:12:35,470 --> 00:12:37,970 we used to pass in the entire request 202 00:12:37,970 --> 00:12:41,020 here into the update method, right, 203 00:12:41,020 --> 00:12:44,520 but in this case, we really only want to update the name 204 00:12:44,520 --> 00:12:47,210 and the email, and so like this, we are sure 205 00:12:47,210 --> 00:12:50,710 that anything else basically is being stripped away 206 00:12:50,710 --> 00:12:53,040 from the body, 'cause some hacker could of course 207 00:12:53,040 --> 00:12:55,770 now go ahead and add some additional fields 208 00:12:55,770 --> 00:12:58,330 to the HTML and then for example submit 209 00:12:58,330 --> 00:13:01,020 data like passwords and stuff like that, 210 00:13:01,020 --> 00:13:03,070 and so of course we do not want to store 211 00:13:03,070 --> 00:13:06,720 that malicious data into our database, right. 212 00:13:06,720 --> 00:13:10,700 Also, passwords are once more handled separately, 213 00:13:10,700 --> 00:13:13,250 because remember that we can never never update 214 00:13:13,250 --> 00:13:17,120 passwords using findByIdAndUpdate. 215 00:13:17,120 --> 00:13:20,580 Again, because that's not going to run the safe middleware 216 00:13:20,580 --> 00:13:23,860 which will take care of encrypting our passwords. 217 00:13:23,860 --> 00:13:26,560 Okay, and so that's why we have a separate route 218 00:13:26,560 --> 00:13:29,950 for that in our API, and also we have a separate from 219 00:13:29,950 --> 00:13:32,090 for that in our user interface. 220 00:13:32,090 --> 00:13:34,550 And so usually that's what you always see 221 00:13:34,550 --> 00:13:36,610 in web applications when you want 222 00:13:36,610 --> 00:13:38,430 to update your passwords, you usually 223 00:13:38,430 --> 00:13:41,493 have a separate form only for that, okay. 224 00:13:42,830 --> 00:13:45,373 Anyway, let's now continue here with our options, 225 00:13:46,640 --> 00:13:50,063 where we say that we want to get the new, 226 00:13:51,140 --> 00:13:54,463 so basically the updated document as a result, 227 00:13:55,350 --> 00:13:59,053 and also that we want to run the validators. 228 00:14:00,500 --> 00:14:03,193 So this is just like we did it before in our API. 229 00:14:05,410 --> 00:14:08,613 Great, so let's actually call it updatedUser. 230 00:14:12,800 --> 00:14:16,070 Okay, and so what do we want to do now? 231 00:14:16,070 --> 00:14:18,763 Well, after submitting the data on our website, 232 00:14:19,790 --> 00:14:22,350 basically what we want is to simply come back 233 00:14:22,350 --> 00:14:24,760 to this page here, but of course then 234 00:14:24,760 --> 00:14:27,660 with the updated data here, okay. 235 00:14:27,660 --> 00:14:30,170 So that's easy, all we will have to do 236 00:14:30,170 --> 00:14:32,873 is to basically render the account page again. 237 00:14:34,160 --> 00:14:36,340 And so that's similar to this one, 238 00:14:36,340 --> 00:14:39,900 let's just copy it, okay, but now 239 00:14:39,900 --> 00:14:41,910 there's actually one important difference, 240 00:14:41,910 --> 00:14:44,120 because right now, we actually also 241 00:14:44,120 --> 00:14:47,600 need to pass in the user, so the updated user, 242 00:14:47,600 --> 00:14:49,920 because otherwise, the user that the template 243 00:14:49,920 --> 00:14:52,190 is going to use, is the one that's coming from 244 00:14:52,190 --> 00:14:54,330 the protect middleware, remember, 245 00:14:54,330 --> 00:14:57,223 and so that one is not going to be the updated user. 246 00:14:58,720 --> 00:15:03,720 Right, and so we need to pass in user is updatedUser. 247 00:15:06,050 --> 00:15:08,933 Alright, and so, that should be enough. 248 00:15:10,450 --> 00:15:14,943 So if we now reload this, or actually if now save this here, 249 00:15:16,000 --> 00:15:17,890 then you see that we actually came back 250 00:15:17,890 --> 00:15:20,970 to the exact same page and the data is still the same. 251 00:15:20,970 --> 00:15:25,000 So let's prove that, go to some other page, 252 00:15:25,000 --> 00:15:27,450 and then go back to the settings page. 253 00:15:27,450 --> 00:15:29,500 And so, this proves that the data 254 00:15:29,500 --> 00:15:31,603 has now effectively been updated. 255 00:15:33,090 --> 00:15:35,440 So if we now log out, then let's try 256 00:15:35,440 --> 00:15:37,423 to log in with this new email. 257 00:15:39,530 --> 00:15:44,530 So I wanted to log out, alright, and now log in again. 258 00:15:44,950 --> 00:15:47,493 And so now, we're going to use this new email, 259 00:15:48,780 --> 00:15:51,130 and of course still the old password, test1234, 260 00:15:53,810 --> 00:15:56,500 and indeed, this is now the new email address 261 00:15:56,500 --> 00:15:59,670 that we need to use in order to log in. 262 00:15:59,670 --> 00:16:01,120 Now let's just see what happens 263 00:16:01,120 --> 00:16:04,860 when we pass in some wrong data here. 264 00:16:04,860 --> 00:16:07,120 For example, Google Chrome allows us 265 00:16:07,120 --> 00:16:09,530 to submit an email address like this, 266 00:16:09,530 --> 00:16:11,550 but of course, our Mongoose model 267 00:16:11,550 --> 00:16:14,250 does not allow an email with this format. 268 00:16:14,250 --> 00:16:15,950 And so we should now get an error, 269 00:16:17,620 --> 00:16:20,540 and so indeed, we get this error, 270 00:16:20,540 --> 00:16:23,690 please provide a valid email, but that's kind of 271 00:16:23,690 --> 00:16:26,530 a terrible user experience, right, 272 00:16:26,530 --> 00:16:28,470 so we were just submitting our data, 273 00:16:28,470 --> 00:16:31,740 and then all of a sudden, we went to a completely new page. 274 00:16:31,740 --> 00:16:36,740 And actually we see that we also got to this new URL, 275 00:16:36,850 --> 00:16:39,420 so the one where we submitted the data to. 276 00:16:39,420 --> 00:16:41,470 And so yeah, that's a bit terrible, 277 00:16:41,470 --> 00:16:43,930 and so as I was saying right in the beginning, 278 00:16:43,930 --> 00:16:46,420 this way of doing things is actually a bit worse 279 00:16:46,420 --> 00:16:48,960 for handling errors, which is one of the reasons 280 00:16:48,960 --> 00:16:51,840 why I personally prefer to use the API 281 00:16:51,840 --> 00:16:55,640 that we already created in order to update the user data, 282 00:16:55,640 --> 00:16:57,740 and in general to do this kind of stuff. 283 00:16:57,740 --> 00:17:00,720 Alright, so let's actually do exactly that 284 00:17:00,720 --> 00:17:02,003 in the next video. 23514